[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Virus emails

On Tue, Sep 23, 2003 at 12:28:44AM +0200, Mike Hommey wrote:
> Maybe I'm wrong, but I think an MTA rejecting a mail because of oversized body 
> doesn't have to get the whole body before rejecting the mail. Based on this, 
> it should be possible to reject the mail before it gets fully transfered to 
> the server.

Well, you can reject on the size argument, if you see one, and if it is not
faked. Otherwise you have to read up to x bytes until you can drop the

But this has nothing to do with the worms, unless you want to limit your
mails to max 10k :) In case of spam and virus checking you have to read at
least the headers, and most likely a lot of the body (till you know the
attachement type)

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to: